diff options
author | mboelen <michael@cisofy.com> | 2014-09-11 18:21:01 +0400 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2014-09-11 18:21:01 +0400 |
commit | ff6757f6e6c8b43d5d8e32ab9f4f24effa983e7f (patch) | |
tree | 9e8594651237ab7cbb17349d5d3497e892b1fe37 /lynis | |
parent | b9a9aea340116da124f91bf9ce24adca1a79fb79 (diff) |
Less restrictive permissions for include files and plugins, to allow pentest mode.
Diffstat (limited to 'lynis')
-rwxr-xr-x | lynis | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -630,7 +630,7 @@ PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${I} | awk -F= '{ print $2 }'` PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'` FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10` - if [ "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then + if [ "${FIND4}" = "rw-r--r--" -o "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})" report "plugin_enabled_phase1[]=${FIND2}|${PLUGIN_VERSION}|" N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1` @@ -704,7 +704,7 @@ # Test if file exists, then if permissions are correct if [ -f ${INCLUDEDIR}/tests_${INCLUDE_TEST} ]; then FIND=`ls -l ${INCLUDEDIR}/tests_${INCLUDE_TEST} | cut -c 2-10` - if [ "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then + if [ "${FIND}" = "rw-r--r--" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then . ${INCLUDEDIR}/tests_${INCLUDE_TEST} else logtext "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDEDIR}/tests_${INCLUDE_TEST} has bad permissions (should be 640, 600 or 400)" @@ -729,7 +729,7 @@ logtext "Result: tests_custom file found in include directory" logtext "Test: checking file permissions of tests_custom file" FIND=`ls -l ${INCLUDEDIR}/tests_custom | cut -c 2-10` - if [ "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then + if [ "${FIND}" = "rw-r--r--" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then Display --indent 2 --text "- Start custom tests... " logtext "Result: file permissions fine, running custom tests" SafePerms ${INCLUDEDIR}/tests_custom |